Systems and methods for testing Signature Pattern Matching (SPM) for a new signature associated with a cloud-based security system with a plurality of nodes and a testing node include operating the testing node with a same management software and SPM library as the plurality of nodes; obtaining a new signature derived to detect malicious content; compiling the new signature in the SPM library for the testing node; implementing one or more test cases related to the malicious content to analyze behavior of the testing node with the SPM library containing the new signature; and, responsive to success in the one or more test cases, providing the SPM library to the plurality of nodes for detection of the malicious content.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method of testing Signature Pattern Matching (SPM) for a new signature associated with a cloud-based security system comprising a plurality of nodes and a testing node, the method comprising: operating the testing node under actual deployed conditions with a same management software and SPM library as the plurality of nodes; obtaining a new signature derived to detect malicious content; compiling the new signature in the SPM library for the testing node to validate the new signature; implementing one or more test cases related to the malicious content by executing one or more transactions, that include the new signature, between a client and a server that resolve to the testing node; analyzing behavior of the testing node with the SPM library containing the new signature to determine whether the testing node responds correctly to the new signature in the one or more transactions to identify whether the new signature is effective under the actual deployed conditions; responsive to success in the one or more test cases identifying the new signature as effective, providing the SPM library to the plurality of nodes for detection of the malicious content; and synchronizing the testing node with the plurality of nodes using Network Time Protocol (NTP) such that logs match in the cloud-based security system.
2. The method of claim 1, further comprising: providing data to a log associated with the cloud-based security system based on the one or more test cases.
3. The method of claim 1, further comprising: determining the new signature which is used to detect the malicious content, wherein the new signature comprises a fingerprint of the malicious content.
4. The method of claim 1, further comprising: updating and managing the testing node in a similar manner as the plurality of nodes.
5. The method of claim 1, wherein the testing node is a live node in the cloud-based security system which monitors customer traffic in addition to the one or more test cases.
6. The method of claim 1, wherein the testing node is a test node in the cloud-based security system which monitors simulated, historical, and/or redirected customer traffic in addition to the one or more test cases.
7. A Signature Pattern Matching (SPM) testing system for a new signature associated with a cloud-based security system comprising a plurality of nodes, the SPM testing system comprising: a network interface and a processor communicatively coupled to one another; and memory storing instructions that, when executed, cause the processor to operate under actual deployed conditions with a same management software and SPM library as the plurality of nodes; obtain a new signature derived to detect malicious content; compile the new signature in the SPM library for the testing node to validate the new signature; implement one or more test cases related to the malicious content by executing one or more transactions, that include the new signature, between a client and a server that resolve to the testing node; analyze behavior of the testing node with the SPM library containing the new signature to determine whether the testing node responds correctly to the new signature in the one or more transactions to identify whether the new signature is effective under the actual deployed conditions; responsive to success in the one or more test cases identifying the new signature as effective, provide the SPM library to the plurality of nodes for detection of the malicious content, and synchronize with the plurality of nodes using Network Time Protocol (NTP) such that logs match in the cloud-based security system.
8. The SPM testing system of claim 7, wherein the memory storing instructions that, when executed, further cause the processor to provide data to a log associated with the cloud-based security system based on the one or more test cases.
9. The SPM testing system of claim 7, wherein the new signature is used to detect the malicious content, wherein the new signature comprises a fingerprint of the malicious content.
10. The SPM testing system of claim 7, wherein the memory storing instructions that, when executed, further cause the processor to update and manage the SPM testing system in a similar manner as the plurality of nodes.
11. The SPM testing system of claim 7, wherein the memory storing instructions that, when executed, further cause the processor to operate as a live node in the cloud-based security system to monitor customer traffic in addition to the one or more test cases.
12. The SPM testing system of claim 7, wherein the memory storing instructions that, when executed, further cause the processor to operate as a test node in the cloud-based security system to monitor simulated, historical, and/or redirected customer traffic in addition to the one or more test cases.
13. A cloud-based security system, comprising: a plurality of nodes each comprising one or more processors and memory for in-line monitoring of customer traffic; a testing node communicatively connected to the plurality of nodes and configured to operate under actual deployed conditions with a same management software and Signature Pattern Matching (SPM) library as the plurality of nodes; obtain a new signature derived to detect malicious content; and compile the new signature in the SPM library for the testing node to validate the new signature, wherein, the cloud-based security system is configured to: implement one or more test cases related to the malicious content by executing one or more transactions, that include the new signature, between a client and a server that resolve to the testing node; analyze behavior of the testing node with the SPM library containing the new signature to determine whether the testing node responds correctly to the new signature in the one or more transactions to identify whether the new signature is effective under the actual deployed conditions; and responsive to success in the one or more test cases identifying the new signature as effective, provide the SPM library to the plurality of nodes for detection of the malicious content, wherein the testing node and the plurality of nodes are synchronized using Network Time Protocol (NTP) such that logs match in the cloud-based security system.
14. The cloud-based security system of claim 13, further comprising: a log node communicatively connected to the plurality of nodes and the testing node and configured to receive data from the testing node based on the one or more test cases.
15. The cloud-based security system of claim 13, wherein the new signature is used to detect the malicious content, wherein the new signature comprises a fingerprint of the malicious content.
16. The cloud-based security system of claim 13, wherein the testing node is a live node in the cloud-based security system which monitors customer traffic in addition to the one or more test cases.
17. The cloud-based security system of claim 13, wherein the testing node is a test node in the cloud-based security system which monitors simulated, historical, and/or redirected customer traffic in addition to the one or more test cases.
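The claims above describe one validation workflow: a testing node runs the same management software and SPM library as the fleet, a candidate signature is compiled into the testing node's library only, transactions that resolve to the testing node are inspected, and the library is pushed to the fleet only when every test case passes. The following Python sketch is an added illustration of that cycle; it is not code from the patent or its assignee. Node names, the management version string, the sample markers, the HTTP fragments and the signature patterns are all constructed placeholders, and the shared tick counter stands in for NTP-synchronized clocks so log entries from different nodes can be correlated. It goes slightly beyond the claims by also expressing "no false positive on benign traffic" and "no regression on existing signatures" as test cases, which is how a practitioner would normally gate promotion.

```python
"""Toy model of the SPM signature-validation workflow from the claims.
All names, sample traffic and signatures are constructed for illustration."""
import re
from dataclasses import dataclass, field
from itertools import count

# Shared clock standing in for NTP: every node stamps log entries from the same
# source, so entries from the testing node and the fleet line up when merged.
_ticks = count(1)


def now() -> int:
    return next(_ticks)


@dataclass(frozen=True)
class Transaction:
    client_request: bytes
    server_response: bytes


@dataclass
class Node:
    name: str
    mgmt_version: str                               # same management software as the fleet
    library: dict = field(default_factory=dict)     # signature name -> compiled regex
    log: list = field(default_factory=list)

    def inspect(self, tx: Transaction) -> dict:
        """Run every compiled signature over both directions of the transaction."""
        hits = sorted(
            name for name, sig in self.library.items()
            if sig.search(tx.client_request) or sig.search(tx.server_response)
        )
        verdict = "block" if hits else "allow"
        self.log.append({"t": now(), "node": self.name, "verdict": verdict, "hits": hits})
        return {"verdict": verdict, "hits": hits}


def compile_signature(library: dict, name: str, pattern: bytes) -> dict:
    """Return a copy of the library with the candidate signature compiled in.
    The fleet keeps the old library until the new one is promoted."""
    new = dict(library)
    new[name] = re.compile(pattern)
    return new


def run_test_cases(testing: Node, cases: list) -> list:
    """Each case is (label, Transaction, expected verdict)."""
    results = []
    for label, tx, expected in cases:
        got = testing.inspect(tx)["verdict"]
        results.append({"case": label, "expected": expected, "got": got, "ok": got == expected})
    return results


def promote_if_successful(testing: Node, fleet: list, results: list) -> bool:
    """Push the testing node's library to the fleet only if every case passed."""
    if not all(r["ok"] for r in results):
        return False
    for node in fleet:
        node.library = dict(testing.library)
    return True


# Constructed baseline library and sample traffic (not real indicators).
BASE_LIBRARY = {"old.sample": re.compile(rb"OLD-SAMPLE-MARKER-0001")}
MALICIOUS_TX = Transaction(b"GET /f HTTP/1.1\r\nHost: example.test\r\n\r\n",
                           b"HTTP/1.1 200 OK\r\n\r\n...NEW-SAMPLE-MARKER-0002...")
BENIGN_TX = Transaction(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
                        b"HTTP/1.1 200 OK\r\n\r\n<html>hello</html>")
OLD_TX = Transaction(b"GET /g HTTP/1.1\r\n\r\n",
                     b"HTTP/1.1 200 OK\r\n\r\nOLD-SAMPLE-MARKER-0001")

TEST_CASES = [
    ("detects new sample", MALICIOUS_TX, "block"),       # the signature fires
    ("allows benign page", BENIGN_TX, "allow"),          # no false positive
    ("still detects old sample", OLD_TX, "block"),       # no regression
]


def validate_and_promote(pattern: bytes, fleet_size: int = 3) -> dict:
    """Full cycle for one candidate signature; returns the outcome for inspection."""
    fleet = [Node(f"node{i}", "mgmt-1.0", dict(BASE_LIBRARY)) for i in range(fleet_size)]
    testing = Node("testing", "mgmt-1.0", dict(BASE_LIBRARY))
    assert testing.mgmt_version == fleet[0].mgmt_version   # same management software
    testing.library = compile_signature(testing.library, "new.sample", pattern)
    results = run_test_cases(testing, TEST_CASES)
    promoted = promote_if_successful(testing, fleet, results)
    return {
        "promoted": promoted,
        "failed": [r["case"] for r in results if not r["ok"]],
        "fleet_has_new": all("new.sample" in n.library for n in fleet),
    }


if __name__ == "__main__":
    print(validate_and_promote(rb"NEW-SAMPLE-MARKER-\d{4}"))   # precise: promoted
    print(validate_and_promote(rb"HTTP/1\.1 200 OK"))          # too broad: held back
```

The second call shows the failure mode the testing node exists to catch: a signature that is too broad matches the benign transaction, so the test case fails and the fleet keeps its old library. The per-node `log` lists, all stamped from the same `now()` source, can be concatenated and sorted by `t` to reproduce the cross-node correlation that the claims rely on NTP for.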
March 8, 2018
January 26, 2021